def test_group_permissions_from_workspace(self): """ Johndoe is member in Workspace A, Workspace A is member in Workspace B => Johndoe can access Workspace B """ self.login('johndoe') # johndoe cannot access workspace-b with self.assertRaises(Unauthorized): self.traverse_to_item(self.workspace_b) self.logout() self.login_as_portal_owner() # the group workspace-a gets added as member to workspace-b self.add_user_to_workspace( 'workspace-a', self.workspace_b, ) obj = IGroup(self.workspace_b) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-a', 'admin'])) self.logout() # johndoe can now access workspace-b self.login('johndoe') self.traverse_to_item(self.workspace_b) self.logout() # but janeschmo still cannot self.login('janeschmo') with self.assertRaises(Unauthorized): self.traverse_to_item(self.workspace_b)
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName fsd = self.getPopulatedDirectory() wf = getToolByName(fsd,'portal_workflow') #adapt to IGroup g = IGroup(fsd) #group title is the content object title fsd.setTitle("My FSD") self.failUnless(g.Title()=="My FSD") #roles are set on the object, but only available when object is published fsd.setRoles(('Reviewer',)) # at first, object is 'visible', but not published, roles should be empty self.failIf('Reviewer' in g.getRoles(),"roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state'))) #publish object wf.doActionFor(fsd,'publish') # now check again, role should be there self.failUnless('Reviewer' in g.getRoles(),"Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state'))) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless(g.getGroupId()==fsd.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId())) #members are obtained correctly self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person") self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons") self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage") members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123','def456','ghi789'],"incorrect member list: %s" % members)
def getGroupsForPrincipal(self, principal, request=None): person = self.context groups = {} for held_position in person.get_held_positions(): group = IGroup(held_position.position.to_object) group_id = group.getGroupId() groups[group_id] = 1 return tuple(groups.keys())
def getGroupsForPrincipal(self, principal, request=None): groups = {} for relationship in self.context.getGroupRelationships(): groups.update(dict.fromkeys([g.getUserId() for g in self.context.getBRefs(relationship)])) for parent in aq_chain(aq_inner(self.context)): group = IGroup(parent, None) if group is not None: groups[group.getGroupId()] = 1 return tuple(groups.keys())
def test_group_permissions_from_workspace_recursive_transitive(self): """ Johndoe is member in Workspace A, Janeschmo is member in Workspace B, Workspace A is member in Workspace B, Workspace B is member in Workspace C, Workspace C is member in Workspace A: => Johndoe can access all workspaces => Janeschmo can access all workspaces """ self.login_as_portal_owner() # john is already in A # Add Jane to B. self.add_user_to_workspace( 'janeschmo', self.workspace_b, ) # the group workspace-a gets added as member to workspace-b self.add_user_to_workspace( 'workspace-a', self.workspace_b, ) # the group workspace-b gets added as member to workspace-c self.add_user_to_workspace( 'workspace-b', self.workspace_c, ) # make c private instead of secret, so it can be added api.content.transition(self.workspace_c, 'make_private') # the group workspace-c gets added as member to workspace-a self.add_user_to_workspace( 'workspace-c', self.workspace_a, ) obj = IGroup(self.workspace_a) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-c', 'admin', 'johndoe']), "Workspace A membership incorrect") obj = IGroup(self.workspace_b) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-a', 'admin', 'janeschmo']), "Workspace B membership incorrect") obj = IGroup(self.workspace_c) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-b', 'admin']), "Workspace C membership incorrect") self.logout() # johndoe can now access all 3 workspaces self.login('johndoe') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b) self.traverse_to_item(self.workspace_c) self.logout() # janeschmo can also access all 3 workspaces self.login('janeschmo') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b) self.traverse_to_item(self.workspace_c)
def getGroupsForPrincipal(self, principal, request=None): groups = {} # Get all BRefs that implement IGroup - slightly expensive for obj in self.context.getBRefs(): group = IGroup(obj, None) if group is not None: groups[group.getGroupId()] = 1 for parent in aq_chain(aq_inner(self.context)): group = IGroup(parent, None) if group is not None: groups[group.getGroupId()] = 1 return tuple(groups.keys())
def test_workgroup_security(self): ''' Check if that a workgroup assigned to a workspace allows his members to see the workspace ''' group = IGroup(self.workspace) self.assertSetEqual( set(group.getGroupMembers()), {'test_user_1_', 'Test workgroup'}, ) self.assertTrue( api.user.has_permission('View', user=self.userprofile, obj=self.workspace))
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName fsd = self.getPopulatedDirectory() wf = getToolByName(fsd, 'portal_workflow') #adapt to IGroup g = IGroup(fsd) #group title is the content object title fsd.setTitle("My FSD") self.failUnless(g.Title() == "My FSD") #roles are set on the object, but only available when object is published fsd.setRoles(('Reviewer', )) # at first, object is 'visible', but not published, roles should be empty self.failIf( 'Reviewer' in g.getRoles(), "roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd, 'review_state'))) #publish object wf.doActionFor(fsd, 'publish') # now check again, role should be there self.failUnless( 'Reviewer' in g.getRoles(), "Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd, 'review_state'))) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless( g.getGroupId() == fsd.getId(), "getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId())) #members are obtained correctly self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person") self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons") self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage") members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123', 'def456', 'ghi789'], "incorrect member list: %s" % members)
def getGroupsForPrincipal(self, principal, request=None): person = self.context groups = {} for held_position in person.get_held_positions(): position = held_position.position if position: obj = position.to_object if obj: assignable = DexterityBehaviorAssignable(obj) if assignable.supports(IMembraneGroup): group = IGroup(obj) group_id = group.getGroupId() groups[group_id] = 1 return tuple(groups.keys())
def getRolesForPrincipal(self, principal, request=None): roles = dict.fromkeys(IUserRoles(self.context).getRoles()) getGroups = getattr(principal, 'getGroups', lambda: tuple()) group_ids = getGroups() if group_ids: mbtool = getToolByName(self.context, TOOLNAME) uSR = mbtool.unrestrictedSearchResults groups = uSR(exact_getGroupId=group_ids, object_implements=IGroup.__identifier__) for g in groups: group = IGroup(g._unrestrictedGetObject()) roles.update(dict.fromkeys(group.getRoles())) return roles.keys()
def setSharing(ob, event): if not hasattr(ob, 'getProject'): return project = ob.getProject() # 设置初始的项目组角色 ob.manage_setLocalRoles(IGroup(project.teams.projectseniors).getGroupId(), ['Editor', 'Contributor'])
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the Classification content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName wf = getToolByName(self.classification, 'portal_workflow') #adapt to IGroup g = IGroup(self.classification) #group title is the content object title self.classification.setTitle('New Title') self.failUnless( g.Title() == 'New Title', "IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.classification.Title(), g.Title())) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless( g.getGroupId() == self.classification.getId(), "getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.classification.getId(), g.getGroupId())) #members are obtained correctly, regardless of how the classification was added #added from person object self.person.setClassifications((self.classification, )) self.person2.setClassifications((self.classification, )) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123', 'def456'], "incorrect member list: %s" % members) #clear the list self.classification.setPeople(()) self.failIf( self.classification.getPeople(), "there are still people listed in this classification: %s" % self.classification.getPeople()) #added from classification object self.classification.setPeople((self.person, self.person2)) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123', 'def456'], "incorrect member list: %s" % members) #deactivate group and verify emptiness wf.doActionFor(self.classification, 'deactivate') members = list(g.getGroupMembers()) members.sort() self.failUnless( members == [], "deactivated group has non-empty member list: %s" % members)
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the Classification content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName wf = getToolByName(self.committee,'portal_workflow') #adapt to IGroup g = IGroup(self.committee) #group title is the content object title self.committee.setTitle('New Title') self.failUnless(g.Title()=='New Title',"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.committee.Title(),g.Title())) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless(g.getGroupId()==self.committee.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.committee.getId(), g.getGroupId())) #members are obtained correctly, regardless of how the classification was added #added from person object self.person.setCommittees((self.committee,)) self.person2.setCommittees((self.committee,)) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123','def456'], "incorrect member list: %s" % members) #clear the list self.committee.setMembers(()); self.failIf(self.committee.getMembers(), "there are still people listed in this committee: %s" % self.committee.getMembers()) #added from classification object self.committee.setMembers((self.person,self.person2)) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123','def456'], "incorrect member list: %s" % members) #deactivate group and verify emptiness wf.doActionFor(self.committee,'deactivate') members = list(g.getGroupMembers()) members.sort() self.failUnless(members == [],"deactivated group has non-empty member list: %s" % members)
def getTeamsOrUsers(self): teams = self.context.aq_inner.contentValues({'portal_type': ['Team']}) teamsids = [team.getId() for team in teams] ksscore = self.getCommandSet('core') selector = ksscore.getSelector('samenode', '') content = "<select class=\"selectarea\" style=\"display: inline;\">" content += "<option value=\"please select a option\">分配权限给...</option>" content += "<optgroup label='项目组'>" for team in teams: if team.getId() != 'projectmanagers': content += "<option value=\"" + IGroup(team).getGroupId() + \ "\">" + team.pretty_title_or_id() + \ "</option>" content += "</optgroup>" project = self.context.getProject() adapter = IOrganizedEmployess(project.teams) cp = adapter.get_all_companies_and_people() for k in cp.keys(): count = 0 for i in cp[k]: if count == 0: content += "<optgroup label='" + i.pretty_title_or_id() \ +"'>" count += 1 else: content += "<option value=\"" + i.getId() + \ "\">" + i.pretty_title_or_id() + \ "</option>" count += 1 content += "</optgroup>" content += "</select>" content = force_unicode(content, 'utf-8') ksscore.insertHTMLAfter(selector, content) selectarea = ksscore.getSelector('css', '.selectarea') ksscore.focus(selectarea)
def test_group_permissions_from_workspace_recursive(self): """ Johndoe is member in Workspace A, Janeschmo is member in Workspace B, Workspace A is member in Workspace B, Workspace B is member in Workspace A: => Johndoe can access both workspaces => Janeschmo can access both workspaces """ self.login_as_portal_owner() # john is already in A # Add Jane to B. self.add_user_to_workspace( 'janeschmo', self.workspace_b, ) # the group workspace-a gets added as member to workspace-b self.add_user_to_workspace( 'workspace-a', self.workspace_b, ) # the group workspace-b gets added as member to workspace-a self.add_user_to_workspace( 'workspace-b', self.workspace_a, ) obj = IGroup(self.workspace_a) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-b', 'admin', 'johndoe']), "Workspace A membership incorrect") obj = IGroup(self.workspace_b) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-a', 'admin', 'janeschmo']), "Workspace B membership incorrect") self.logout() # johndoe can now access workspace-a and workspace-b self.login('johndoe') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b) self.logout() # janeschmo can also access both workspaces self.login('janeschmo') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b)
def test_basic_group_membership(self): obj = IGroup(self.workspace_a) self.assertEqual(set(obj.getGroupMembers()), set(['johndoe', 'admin']))
def test_group_title(self): obj = IGroup(self.workspace_a) self.assertEqual(obj.getGroupName(), self.workspace_a.Title())
def test_group_interface_provided(self): self.assertTrue(IGroup(self.workspace_a, None) is not None)
def getGroups(self): teams = self.context.aq_inner.contentValues() return [IGroup(team).getGroupId() for team in teams]